All the latest UK technology news, reviews and analysis


EU approves stricter laws for punishing cyber crooks and botnet creators

05 Jul 2013
european-parliament

The European Parliament has voted in a new directive designed to increase the maximum sentences hackers can receive.

The legislation focuses on attacks designed to harm areas of critical national infrastructure or hijack company computer systems. Under the draft reform attacks on areas of critical infrastructure can now carry a maximum sentence of five years, while attempts to illegally access information systems can accrue a two year sentence in all European Union member states.

The directive also address Europe's growing Botnet problem. "When a significant number of information systems have been affected through the use of a tool (eg botnets) there is a maximum penalty of at least three years," reads the Commission's report on the legislation.

Botnets have been a massive issue across the world for many years now. The operations enslave computers using various malwares, letting hackers steal control of them and use them for a variety of nefarious schemes, including denial of service attacks and phishing scams.

Numerous technology firms, including Microsoft, have mounted joint operations with law enforcement to take down the zombie networks command and control servers. Most recently Microsoft teamed up with the FBI to take down the Citadel botnet. At its peak the botnet is believed to have controlled millions of infected PCs and stolen more than $500m in bank fraud.

Interestingly the move will allow nation states to take action against businesses selling botnet and hacking tools as well as those using them. It will also grant law enforcement the power to punish firm's paying or hackers to use the tools to steal information for them.

The Parliament in Strasbourg approved the legislation with a final vote count of 541 to 91 with nine abstentions on the proposal by the European Commission. Only Denmark has chosen to opt out of the rules preferring to keep its current cyber legislation. Other participating governments will now have two years to translate the decision into national law.

The news has been welcomed by European Commission, with Commissioner for Home Affairs, Cecilia Malmström said the move is a key step in the European Commission and Parliament's ongoing efforts to bolster the region's cyber defences.

"This is an important step to boost Europe's defences against cyber-attacks [...] The perpetrators of increasingly sophisticated attacks and the producers of related and malicious software can now be prosecuted, and will face heavier criminal sanctions. Member States will also have to quickly respond to urgent requests for help in the case of cyber-attacks, hence improving European justice and police cooperation," she said.

However, in the private sector many security companies have been less positive. Alienvault research team engineer, Conrad Constantine said the legislation will cause more harm than good as the people creating it do not understand cyber threats.

"Cybercrime is an oxymoron - we already have a word for it - 'Crime' - the reason 'cyber crimes' are criminal acts, is because they were criminal acts before computers were involved. Every time law tries to encode some particular use of technology into law, the result is inevitably fair poorly for civilians," he said.

"This is not to say that there are not edge cases that require some extension - determining how to prosecute a botnet operator may be difficult under current law, but not impossible, since whatever (existing) crimes the botnet is being used for, the botnet operator is complicit in. Having said that, more laws do not capture more criminals, they only turn more people into criminals."

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
21%
15%
4%
18%
29%
13%

Popular Threads

Powered by Disqus
samsung-galaxy-s5-smartphone

Samsung Galaxy S5 video review

We break down the key strengths and weaknesses of Samsung's latest Android flagship

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Junior IT Desktop Support Analyst

The Role: This is a fantastic opportunity to...

Oracle Developer - 11g, Weblogic, Toad, J2EE

Key Skills Extensive knowledge and experience of Oracle...

Head of Technology

Job; Head of Technology – London This company is one...

Linux Systems Administrator - MYSQL, Perl, PHP - West Yorkshire

Linux Systems Administrator - MYSQL, Perl, PHP - West...
To send to more than one email address, simply separate each address with a comma.